From: shevegen@... Date: 2017-12-27T17:41:12+00:00 Subject: [ruby-core:84523] [Ruby trunk Feature#14250] Make `$SAFE` process global state and allow to set 0 again Issue #14250 has been updated by shevegen (Robert A. Heiler). Can not comment on $SAFE but I personally have not used $SAFE so far in like +10 years or so. I can only remember the pickaxe mentioning it, but I have not used it in any of my ruby code. A bit off-topic but does anyone remember if _why's old ruby sandbox (the online irb, I think), made use of it? For such projects, trivial ways to control how "safe" the ruby is, may be more useful. E. g. in any restricted environment such as that. ---------------------------------------- Feature #14250: Make `$SAFE` process global state and allow to set 0 again https://bugs.ruby-lang.org/issues/14250#change-69051 * Author: ko1 (Koichi Sasada) * Status: Open * Priority: Normal * Assignee: ko1 (Koichi Sasada) * Target version: 2.6 ---------------------------------------- `$SAFE > 1` is removed from Ruby 2.3 and there are some opinion to remove `$SAFE` feature ([Feature #5455]). There are several reason, but the biggest reason I think is nobody use `$SAFE` correctly. Also current `$SAFE` is thread/proc local information and it hurts performance (we need to restore `$SAFE` information just after returning proc, even if returning by exception). Matz said `$SAFE == 1` is similar to warning and it is not a security feature, but one of the programming tool we can use to improve our program (`$SAFE == 3` was for sandbox, security feature). From this perspective, Matz approved us the followings: * `$SAFE` is process global, not a Proc local state. * We can set `$SAFE == 0` when `$SAFE == 1`. I think we can't make big project with the above changes (how to make multi-thread programming with this `$SAFE`?), but `$SAFE` seems for small project (so-called *scripting*). Anyway if nobody use it, no problem on these changes. I will commit this change soon. Please try new spec and point out any problem you got. Thanks, Koichi -- https://bugs.ruby-lang.org/ Unsubscribe: